6982537: Crash in Node*step_through_mergemem
authornever
Wed, 22 Sep 2010 13:01:12 -0700
changeset 6741 d4e6d10d7bdf
parent 6740 2bc601284215
child 6742 81ef369b8fc7
6982537: Crash in Node*step_through_mergemem
Reviewed-by: kvn
hotspot/src/share/vm/opto/escape.cpp
hotspot/src/share/vm/opto/memnode.cpp
--- a/hotspot/src/share/vm/opto/escape.cpp	Tue Sep 21 13:38:35 2010 -0700
+++ b/hotspot/src/share/vm/opto/escape.cpp	Wed Sep 22 13:01:12 2010 -0700
@@ -706,14 +706,15 @@
 //
 // The next methods are derived from methods in MemNode.
 //
-static Node *step_through_mergemem(MergeMemNode *mmem, int alias_idx, const TypeOopPtr *tinst) {
+static Node *step_through_mergemem(MergeMemNode *mmem, int alias_idx, const TypeOopPtr *toop) {
   Node *mem = mmem;
-  // TypeInstPtr::NOTNULL+any is an OOP with unknown offset - generally
+  // TypeOopPtr::NOTNULL+any is an OOP with unknown offset - generally
   // means an array I have not precisely typed yet.  Do not do any
   // alias stuff with it any time soon.
-  if( tinst->base() != Type::AnyPtr &&
-      !(tinst->klass()->is_java_lang_Object() &&
-        tinst->offset() == Type::OffsetBot) ) {
+  if( toop->base() != Type::AnyPtr &&
+      !(toop->klass() != NULL &&
+        toop->klass()->is_java_lang_Object() &&
+        toop->offset() == Type::OffsetBot) ) {
     mem = mmem->memory_at(alias_idx);
     // Update input if it is progress over what we have now
   }
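Review bot: `toop` itself is still dereferenced without a null test in the new condition (`toop->base()`), whereas the matching check in memnode.cpp guards with `toop &&` and reads the base from `tp`. The caller visible in a later hunk gets the pointer from `isa_oopptr()` and only folds the NULL case into `is_instance`, so whether NULL can reach this function, or the `toop->instance_id()` and `may_modify(toop, phase)` uses in the later hunks of this file, depends on code outside the hunks. If callers guarantee a non-NULL type, state that at the top of the function with `assert(toop != NULL, "expected an oop pointer type");`; otherwise handle NULL explicitly as memnode.cpp does. The function body continues past the end of the hunk.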
@@ -803,8 +804,8 @@
   if (orig_mem == NULL)
     return orig_mem;
   Compile* C = phase->C;
-  const TypeOopPtr *tinst = C->get_adr_type(alias_idx)->isa_oopptr();
-  bool is_instance = (tinst != NULL) && tinst->is_known_instance();
+  const TypeOopPtr *toop = C->get_adr_type(alias_idx)->isa_oopptr();
+  bool is_instance = (toop != NULL) && toop->is_known_instance();
   Node *start_mem = C->start()->proj_out(TypeFunc::Memory);
   Node *prev = NULL;
   Node *result = orig_mem;
@@ -827,18 +828,18 @@
     // skip over a call which does not affect this memory slice
     if (result->is_Proj() && result->as_Proj()->_con == TypeFunc::Memory) {
       Node *proj_in = result->in(0);
-      if (proj_in->is_Allocate() && proj_in->_idx == (uint)tinst->instance_id()) {
+      if (proj_in->is_Allocate() && proj_in->_idx == (uint)toop->instance_id()) {
         break;  // hit one of our sentinels
       } else if (proj_in->is_Call()) {
         CallNode *call = proj_in->as_Call();
-        if (!call->may_modify(tinst, phase)) {
+        if (!call->may_modify(toop, phase)) {
           result = call->in(TypeFunc::Memory);
         }
       } else if (proj_in->is_Initialize()) {
         AllocateNode* alloc = proj_in->as_Initialize()->allocation();
         // Stop if this is the initialization for the object instance which
         // which contains this memory slice, otherwise skip over it.
-        if (alloc == NULL || alloc->_idx != (uint)tinst->instance_id()) {
+        if (alloc == NULL || alloc->_idx != (uint)toop->instance_id()) {
           result = proj_in->in(TypeFunc::Memory);
         }
       } else if (proj_in->is_MemBar()) {
@@ -846,7 +847,7 @@
       }
     } else if (result->is_MergeMem()) {
       MergeMemNode *mmem = result->as_MergeMem();
-      result = step_through_mergemem(mmem, alias_idx, tinst);
+      result = step_through_mergemem(mmem, alias_idx, toop);
       if (result == mmem->base_memory()) {
         // Didn't find instance memory, search through general slice recursively.
         result = mmem->memory_at(C->get_general_index(alias_idx));
@@ -866,7 +867,7 @@
         break;
       }
     } else if (result->is_ClearArray()) {
-      if (!ClearArrayNode::step_through(&result, (uint)tinst->instance_id(), phase)) {
+      if (!ClearArrayNode::step_through(&result, (uint)toop->instance_id(), phase)) {
         // Can not bypass initialization of the instance
         // we are looking for.
         break;
--- a/hotspot/src/share/vm/opto/memnode.cpp	Tue Sep 21 13:38:35 2010 -0700
+++ b/hotspot/src/share/vm/opto/memnode.cpp	Wed Sep 22 13:01:12 2010 -0700
@@ -193,14 +193,15 @@
     }
   }
 #endif
-  // TypeInstPtr::NOTNULL+any is an OOP with unknown offset - generally
+  // TypeOopPtr::NOTNULL+any is an OOP with unknown offset - generally
   // means an array I have not precisely typed yet.  Do not do any
   // alias stuff with it any time soon.
-  const TypeOopPtr *tinst = tp->isa_oopptr();
+  const TypeOopPtr *toop = tp->isa_oopptr();
   if( tp->base() != Type::AnyPtr &&
-      !(tinst &&
-        tinst->klass()->is_java_lang_Object() &&
-        tinst->offset() == Type::OffsetBot) ) {
+      !(toop &&
+        toop->klass() != NULL &&
+        toop->klass()->is_java_lang_Object() &&
+        toop->offset() == Type::OffsetBot) ) {
     // compress paths and change unreachable cycles to TOP
     // If not, we can update the input infinitely along a MergeMem cycle
     // Equivalent code in PhiNode::Ideal
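Review bot: The added `toop->klass() != NULL` test has no comment saying when an oop pointer type has no klass; the comment above it still describes only the java.lang.Object-with-unknown-offset case. A line such as `// klass() can be NULL for some oop types; that is not the untyped-array case, so take the normal path` would record why the guard exists and keep a later cleanup from removing it. The same four-part predicate is repeated in `step_through_mergemem` in escape.cpp, so the comment is worth adding there as well. The enclosing function starts and ends outside the hunk.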